diff --git a/pkg/ibmvpc/examples/acl_testing5subnetsDiff.txt b/pkg/ibmvpc/examples/acl_testing5subnetsDiff.txt
index cf992e493..2b4908c89 100644
--- a/pkg/ibmvpc/examples/acl_testing5subnetsDiff.txt
+++ b/pkg/ibmvpc/examples/acl_testing5subnetsDiff.txt
@@ -1,6 +1,8 @@
 Analysis for diff between VPC test-vpc-ky1 and VPC test-vpc-ky2
 diff-type: added, source: sub1-2-ky, destination: sub1-1-ky, config1: protocol: TCP, config2: No connection
 diff-type: added, source: sub1-3-ky, destination: sub1-1-ky, config1: protocol: TCP, config2: No connection
+diff-type: changed, source: sub1-1-ky, destination: sub1-2-ky, config1: protocol: TCP, config2: protocol: TCP *
+diff-type: changed, source: sub1-1-ky, destination: sub1-3-ky, config1: protocol: TCP, config2: protocol: TCP *
 diff-type: changed, source: sub2-1-ky, destination: Public Internet [8.8.8.8/32], config1: protocol: UDP dst-ports: 53, config2: protocol: UDP dst-ports: 43,53
 diff-type: removed, source: sub2-1-ky, destination: Public Internet [8.8.8.0/29], config1: No connection, config2: protocol: UDP dst-ports: 53 *
diff --git a/pkg/vpcmodel/semanticDiffSubnets.go b/pkg/vpcmodel/semanticDiffSubnets.go
index 5aebe7996..a13b143e4 100644
--- a/pkg/vpcmodel/semanticDiffSubnets.go
+++ b/pkg/vpcmodel/semanticDiffSubnets.go
@@ -133,8 +133,10 @@ func (subnetConfConnectivity *SubnetConfigConnectivity) subtract(other *SubnetCo
 if srcInOther != nil && dstInOther != nil {
 if otherSrc, ok := other.subnetConnectivity[srcInOther]; ok {
 if otherConn, ok := otherSrc[dstInOther]; ok {
- // ToDo: https://github.com/np-guard/vpc-network-config-analyzer/issues/199
- if !includeChanged || (conns.Equal(otherConn) && conns.IsStateful == otherConn.IsStateful){
+ equalConnections := conns.Equal(otherConn) &&
+ // ToDo: https://github.com/np-guard/vpc-network-config-analyzer/issues/199
+ conns.IsStateful == otherConn.IsStateful
+ if !includeChanged || equalConnections {
 continue
 }
 connDiff.conn2 = otherConn
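Review bot: In the pkg/vpcmodel/semanticDiffSubnets.go hunk, the ToDo link is now wedged between the two operands of `equalConnections` and still does not say what is outstanding, so a reader cannot tell whether comparing `IsStateful` is the intended rule or a stopgap. This condition decides whether a subnet pair is reported as changed between two VPC configurations, so I would lift the comment above the assignment and state the rule, e.g. `// equal only when the allowed connections and their statefulness both match; ToDo(#199): <describe what remains>`. The new expected lines in acl_testing5subnetsDiff.txt (`protocol: TCP` against `protocol: TCP *`) appear to be exactly this statefulness-only case, though the meaning of `*` is not visible in the hunk. The enclosing `subtract` method begins and ends outside the hunk.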